The Indian cybersecurity agency CERT-In has cautioned WhatsApp users about certain vulnerabilities detected in the popular instant messaging app that could lead to a breach of sensitive information. A “high” severity rating advisory issued by the CERT-In, or the Indian Computer Emergency Response Team, said the vulnerability had been detected in software that has “WhatsApp and WhatsApp Business for Android before v2.21.4.18 and WhatsApp and WhatsApp Business for iOS before v2.21.32.”
CERT-In is the national technology arm for combating cyberattacks and guarding Indian cyberspace.
“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it said. Describing the risk in detail, it said that these vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline.”
The advisory added that users of the app should update to the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.
In November 2020, CERT-In had issued a similar warning to WhatsApp users, alerting them to two major vulnerabilities, namely improper access control and a use-after-free vulnerability.